Total: 1466 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3066 | 1 Mobatime | 1 Amxgt 100 | 2023-06-14 | N/A | 8.1 HIGH |
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administrators. This issue affects Mobatime mobile application AMXGT100: through 1.3.20. | |||||
CVE-2023-22610 | 1 Schneider-electric | 3 Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020, Ecostruxure Geo Scada Expert 2021 | 2023-06-14 | N/A | 7.5 HIGH |
A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. | |||||
CVE-2023-28352 | 2 Faronics, Microsoft | 2 Insight, Windows | 2023-06-13 | N/A | 7.4 HIGH |
An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled. | |||||
CVE-2022-46308 | 1 Sguda | 2 U-lock, U-lock Firmware | 2023-06-09 | N/A | 8.8 HIGH |
SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information. | |||||
CVE-2023-3033 | 1 Mobatime | 1 Mobatime Web Application | 2023-06-09 | N/A | 8.8 HIGH |
Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobatime web application: through 06.7.22. | |||||
CVE-2023-28698 | 1 Wddgroup | 1 Fantsy | 2023-06-09 | N/A | 9.8 CRITICAL |
Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service. | |||||
CVE-2022-46307 | 1 Sguda | 2 U-lock, U-lock Firmware | 2023-06-09 | N/A | 8.8 HIGH |
SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks. | |||||
CVE-2023-31226 | 1 Huawei | 1 Emui | 2023-06-08 | N/A | 7.5 HIGH |
The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2023-34218 | 1 Jetbrains | 1 Teamcity | 2023-06-06 | N/A | 9.8 CRITICAL |
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible | |||||
CVE-2023-30771 | 1 Apache | 1 Iotdb Web Workbench | 2023-06-06 | N/A | 9.8 CRITICAL |
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards. | |||||
CVE-2023-34219 | 1 Jetbrains | 1 Teamcity | 2023-06-02 | N/A | 4.3 MEDIUM |
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API | |||||
CVE-2023-1158 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Analytics Server | 2023-06-01 | N/A | 4.3 MEDIUM |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. | |||||
CVE-2011-1207 | 1 Ibm | 1 Rational System Architect | 2023-05-30 | 9.3 HIGH | N/A |
The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information. | |||||
CVE-2023-26818 | 1 Telegram | 1 Telegram | 2023-05-26 | N/A | 5.5 MEDIUM |
Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag. | |||||
CVE-2023-33254 | 1 Quest | 1 Kace Systems Deployment Appliance | 2023-05-26 | N/A | 6.5 MEDIUM |
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials. | |||||
CVE-2023-31597 | 1 Zammad | 1 Zammad | 2023-05-25 | N/A | 6.5 MEDIUM |
An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets. | |||||
CVE-2023-2782 | 1 Acronis | 1 Cyber Infrastructure | 2023-05-25 | N/A | 5.5 MEDIUM |
Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38. | |||||
CVE-2023-23446 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2023-05-25 | N/A | 7.5 HIGH |
Improper Access Control in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unprivileged account via the REST interface. | |||||
CVE-2023-23445 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2023-05-25 | N/A | 7.5 HIGH |
Improper Access Control in SICK FTMg AIR FLOW SENSOR with part numbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unprivileged account via the REST interface. | |||||
CVE-2023-2515 | 1 Mattermost | 1 Mattermost Server | 2023-05-23 | N/A | 8.8 HIGH |
Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin |